Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.56375
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2006:0161
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2006:0161.

Red Hat Application Server packages provide a J2EE Application Server and
Web container as well as the underlying Java stack.

A denial of service flaw was found in the way Apache Tomcat displays
directory listings. A remote attacker could cause Tomcat to consume large
amounts of CPU resources by sending multiple requests for a directory
containing a large number of files. The Common Vulnerabilities and
Exposures project has assigned the name CVE-2005-3510 to this issue.
This update contains a version of Apache Tomcat that will recover after
the aforementioned attack. Users are also advised to disable directory
listing for web directories that contain very large numbers of files.

A cross-site scripting flaw was found in the way Struts displays error
pages. It may be possible for an attacker to construct a specially crafted
URL which could fool a victim into believing they are viewing a trusted
site. The Common Vulnerabilities and Exposures project has assigned the
name CVE-2005-3745 to this issue. Please note that this issue does not
affect Struts running on Tomcat or JOnAS, which is our supported usage of
Struts.

Additionally, this update replaces some other outdated packages with new
versions. Several bug fixes and enhancements are included in these new
versions.

IMPORTANT: Before applying this update, read the detailed
installation/upgrade instructions in the RELEASE_NOTES document.

All users of Red Hat Application Server should upgrade to these updated
packages, which contain packages that are not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0161.html

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-3510
BugTraq ID: 15325
http://www.securityfocus.com/bid/15325
Bugtraq: 20051104 Apache Tomcat 5.5.x remote Denial Of Service (Google Search)
http://www.securityfocus.com/archive/1/415782/30/0/threaded
Bugtraq: 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/500396/100/0/threaded
Bugtraq: 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) (Google Search)
http://www.securityfocus.com/archive/1/500412/100/0/threaded
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
http://www.osvdb.org/20439
http://www.redhat.com/support/errata/RHSA-2006-0161.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://securitytracker.com/id?1015147
http://secunia.com/advisories/17416
http://secunia.com/advisories/30899
http://secunia.com/advisories/30908
http://secunia.com/advisories/33668
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
http://www.vupen.com/english/advisories/2008/1979/references
http://www.vupen.com/english/advisories/2009/0233
Common Vulnerability Exposure (CVE) ID: CVE-2005-3745
BugTraq ID: 15512
http://www.securityfocus.com/bid/15512
Bugtraq: 20051121 Security Advisory: Struts Error Message Cross Site Scripting (Google Search)
http://www.securityfocus.com/archive/1/417296/30/0/threaded
http://www.hacktics.com/AdvStrutsNov05.html
https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E
https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E
http://www.osvdb.org/21021
http://www.redhat.com/support/errata/RHSA-2006-0157.html
http://securitytracker.com/id?1015257
http://secunia.com/advisories/17677
http://secunia.com/advisories/18341
http://securityreason.com/securityalert/197
http://www.vupen.com/english/advisories/2005/2525
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.